1313 build-release-linux :
1414 runs-on : ubuntu-24.04${{ matrix.platform == 'arm64' && '-arm' || '' }}
1515 container :
16- image : ubuntu:22 .04
16+ image : ubuntu:24 .04
1717 strategy :
1818 matrix :
1919 platform :
@@ -65,10 +65,10 @@ jobs:
6565 make install && \
6666 cd ../.. && \
6767 rm -fr bpftool && \
68- curl -LO https://ziglang.org/builds/zig-linux-$(uname -m)- ${ZIG_VERSION}.tar.xz && \
69- tar -xaf zig-linux-$(uname -m)- ${ZIG_VERSION}.tar.xz && \
70- rm -v zig-linux-$(uname -m)- ${ZIG_VERSION}.tar.xz && \
71- cd zig-linux-$(uname -m)- ${ZIG_VERSION} && \
68+ curl -LO https://ziglang.org/builds/zig-linux-" $(uname -m)"-" ${ZIG_VERSION}" .tar.xz && \
69+ tar -xaf zig-linux-" $(uname -m)"-" ${ZIG_VERSION}" .tar.xz && \
70+ rm -v zig-linux-" $(uname -m)"-" ${ZIG_VERSION}" .tar.xz && \
71+ cd zig-linux-" $(uname -m)"-" ${ZIG_VERSION}" && \
7272 cp -v zig /usr/bin && \
7373 find lib -exec cp --parents {} /usr/ \; && \
7474 cd .. && \
@@ -97,12 +97,12 @@ jobs:
9797 - name : Upload Artifacts
9898 uses : actions/upload-artifact@v4
9999 with :
100- name : sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.release_arch }}
100+ name : sysdig-release-${{ env.BUILD_VERSION }}-linux- ${{ matrix.release_arch }}
101101 path : |
102102 build/sysdig-${{ env.BUILD_VERSION }}*
103103
104- build-release-others-amd64 :
105- name : build-release-others-amd64
104+ build-release-others :
105+ name : build-release-others
106106 strategy :
107107 matrix :
108108 os : [windows-latest, macos-13, macos-14]
@@ -147,7 +147,7 @@ jobs:
147147 - platform : arm64
148148 base_arch : aarch64
149149 release_arch : aarch64
150- needs : [build-release-linux, sign-rpms, sign-debs ]
150+ needs : [build-release-linux, sign-linux-packages ]
151151 env :
152152 REGISTRY : ghcr.io
153153 SYSDIG_IMAGE_BASE : ghcr.io/draios/sysdig
@@ -158,12 +158,12 @@ jobs:
158158 - name : Download artifacts aarch64
159159 uses : actions/download-artifact@v4
160160 with :
161- name : sysdig-release-${{ env.BUILD_VERSION }}-aarch64
161+ name : sysdig-release-${{ env.BUILD_VERSION }}-linux- aarch64
162162
163163 - name : Download artifacts x86_64
164164 uses : actions/download-artifact@v4
165165 with :
166- name : sysdig-release-${{ env.BUILD_VERSION }}-x86_64
166+ name : sysdig-release-${{ env.BUILD_VERSION }}-linux- x86_64
167167
168168 - name : Set up Docker Buildx
169169 uses : docker/setup-buildx-action@v3
@@ -185,44 +185,10 @@ jobs:
185185 build-args :
186186 BUILD_VERSION=${{ env.BUILD_VERSION }}
187187
188- sign-rpms :
189- strategy :
190- matrix :
191- name : [amd64, arm64]
192- include :
193- - name : amd64
194- arch : x86_64
195- - name : arm64
196- arch : aarch64
197- needs : build-release-linux
198- runs-on : ubuntu-latest
199- env :
200- KEY_ID : EC51E8C4
188+ sign-linux-packages :
189+ runs-on : ubuntu-24.04
201190 container :
202- image : fedora:39
203- steps :
204- - name : Install deps
205- run : dnf install -y rpm-sign pinentry
206- - name : Download artifacts
207- uses : actions/download-artifact@v4
208- with :
209- name : sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }}
210- - name : Import private key
211- env :
212- PRIVATE_KEY : ${{ secrets.SYSDIG_REPO_SIGNING_KEY }}
213- run : printenv PRIVATE_KEY | gpg --import -
214- - name : Sign RPMs
215- run : rpm --define "_gpg_name ${{ env.KEY_ID }}" --define "_binary_filedigest_algorithm 8" --addsign *.rpm
216- - name : Check signature
217- run : test "$(rpm -qpi *.rpm | awk '/Signature/' | grep -i none | wc -l)" -eq 0
218- - name : Upload Signed RPMs
219- uses : actions/upload-artifact@v4
220- with :
221- name : sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }}-rpms
222- path : " *.rpm"
223-
224- sign-debs :
225- runs-on : ubuntu-latest
191+ image : ubuntu:24.04
226192 strategy :
227193 matrix :
228194 name : [amd64, arm64]
@@ -234,37 +200,44 @@ jobs:
234200 needs : build-release-linux
235201 env :
236202 KEY_ID : EC51E8C4
237- container :
238- image : debian:bullseye-slim
239203 steps :
240204 - name : Install deps
241- run : apt-get update && apt-get -y install dpkg-sig
205+ run : apt update && apt -y install debsigs rpm
242206
243207 - name : Download artifacts
244208 uses : actions/download-artifact@v4
245209 with :
246- name : sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }}
210+ name : sysdig-release-${{ env.BUILD_VERSION }}-linux- ${{ matrix.arch }}
247211
248212 - name : Import private key
249213 env :
250214 PRIVATE_KEY : ${{ secrets.SYSDIG_REPO_SIGNING_KEY }}
251215 run : printenv PRIVATE_KEY | gpg --import -
252216
253217 - name : Sign DEBs
254- run : dpkg-sig -k ${{ env.KEY_ID }} -s builder *.deb
218+ run : debsigs --sign=origin --default-key="${{ env.KEY_ID }}" *.deb
219+
220+ - name : Check signature DEBs
221+ run : debsigs --verify *.deb
222+
223+ - name : Sign RPMs
224+ run : rpm --define "_gpg_name ${{ env.KEY_ID }}" --define "_binary_filedigest_algorithm 8" --addsign *.rpm
255225
256- - name : Check signature
257- run : dpkg-sig --verify *.deb
226+ - name : Check signature RPMs
227+ run : test "$(rpm -qpi *.rpm | awk '/Signature/' | grep -i none | wc -l)" -eq 0
258228
259- - name : Upload Signed DEBs
229+ - name : Upload Signed Packages
260230 uses : actions/upload-artifact@v4
261231 with :
262- name : sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }}-debs
263- path : " *.deb"
232+ name : sysdig-release-${{ env.BUILD_VERSION }}-linux-${{ matrix.arch }}
233+ overwrite : true
234+ path : |
235+ *.deb
236+ *.rpm
264237
265238 create-draft-release :
266239 runs-on : ubuntu-latest
267- needs : [push-container-image, build-release-linux, sign-rpms, sign-debs ]
240+ needs : [push-container-image, build-release-linux, sign-linux-packages, build-release-others ]
268241 steps :
269242 - name : Download all artifacts
270243 uses : actions/download-artifact@v4
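Review bot: The `Check signature RPMs` step only counts packages whose `rpm -qpi` output reports the signature as none, so it shows neither that the signature verifies nor that it was made with `KEY_ID`, and the count is also 0 (step passes) when the query itself fails. Consider keeping that test and adding a cryptographic check against the public half of the imported key, e.g. `gpg --export -a "$KEY_ID" > signing-pub.asc && rpm --import signing-pub.asc && rpm --checksig -v *.rpm`. Confirm how the rpm shipped in ubuntu:24.04 treats unsigned packages, since `--checksig` on its own may report digests only. Separately, the upload reuses the build job's artifact name with `overwrite: true`, so signed and unsigned packages cannot be told apart by name, and anything the original artifact held besides `*.deb`/`*.rpm` is dropped. A distinct name (for example a `-signed` suffix) would make a missing `needs:` edge fail instead of publishing unsigned files. The job header and matrix for `sign-linux-packages` sit in the preceding hunk.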